Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3357 | 3 Actian, Hp, Linux | 3 Ingres, Hp-ux, Linux Kernel | 2020-09-28 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." | |||||
| CVE-2017-11749 | 1 Internet-soft | 1 Ftp Commander | 2020-09-23 | 6.8 MEDIUM | 7.8 HIGH |
| InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | |||||
| CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2020-09-09 | 9.3 HIGH | 7.8 HIGH |
| IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | |||||
| CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-3768 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.4 MEDIUM | 7.8 HIGH |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-9798 | 2 Google, Mozilla | 2 Android, Firefox | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-3648 | 1 Mcafee | 3 Anti-virus Plus, Internet Security, Total Protection | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | |||||
| CVE-2019-13637 | 1 Logmeininc | 1 Join.me | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | |||||
| CVE-2019-1010100 | 1 Akeo | 1 Rufus | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. | |||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-6724 | 4 Apple, Barracuda, Linux and 1 more | 4 Mac Os X, Vpn Client, Linux Kernel and 1 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | |||||
| CVE-2019-9492 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. | |||||
| CVE-2019-11351 | 1 Teamspeak | 1 Teamspeak | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework. | |||||
| CVE-2017-12892 | 1 Foxitsoftware | 1 Pdf Compressor | 2020-08-19 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-11657 | 1 Dashlane | 1 Dashlane | 2020-08-19 | 4.4 MEDIUM | 7.3 HIGH |
| Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | |||||
| CVE-2016-9274 | 1 Git For Windows Project | 1 Git For Windows | 2020-08-13 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected. | |||||
| CVE-2010-3159 | 1 Ponsoftware | 1 Explzh | 2020-08-12 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2020-07-29 | 6.9 MEDIUM | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-15009 | 1 Asus | 1 Screenpad2 Upgrade Tool | 2020-07-29 | 4.4 MEDIUM | 7.8 HIGH |
| AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | |||||